CVE-2021-22951

Published: Nov 19, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations were put in place a. restricting file types for view_inline to images only b. putting a warning in the file manager to advise users.Credit for discovery: "Solar Security Research Team"Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis fix is also in Concrete version 9.0.0

Affected (1)

Products: Concretecms: Concrete Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Concretecms Concrete Cms	Before 8.5.7

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes

Source: support@hackerone.com

Release NotesVendor Advisory

https://hackerone.com/reports/1102014

Source: support@hackerone.com

Permissions RequiredThird Party Advisory

https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://hackerone.com/reports/1102014

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.